42ed4e34d5
processing feature (CVE-2023-49285) Resolves: RHEL-18342 - squid:4/squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) Resolves: RHEL-18230 - squid:4/squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) Resolves: RHEL-15911 - squid:4/squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) Resolves: RHEL-18251 - squid crashes in assertion when a parent peer exists Resolves: RHEL-14794 - squid: squid multiple issues in HTTP response caching (CVE-2023-5824) Resolves: RHEL-14803 - squid: squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) Resolves: RHEL-14777 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846)
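diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
index 6a9736f..0a883fa 100644
--- a/src/auth/digest/Config.cc
+++ b/src/auth/digest/Config.cc
@@ -847,11 +847,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
  break;
 
  case DIGEST_NC:
- if (value.size() != 8) {
+ if (value.size() == 8) {
+ // for historical reasons, the nc value MUST be exactly 8 bytes
+ static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
+ xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+ debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+ } else {
  debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
+ digest_request->nc[0] = 0;
  }
- xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
- debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
  break;
 
  case DIGEST_CNONCE: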
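Review bot: The `xstrncpy` call inside the new `value.size() == 8` branch still bounds the copy by the source length (`value.size() + 1`), so its safety depends on the surrounding `if` and the `static_assert` staying in sync. Bounding it by the destination makes the line safe on its own: `xstrncpy(digest_request->nc, value.rawBuf(), sizeof(digest_request->nc));`. The length test also accepts any eight bytes rather than only hex digits, and the `else` branch only empties `nc` instead of failing the request. Rejection of a bad or missing count therefore presumably happens later in `decode()`, whose body starts and continues outside this hunk. A one-line comment at `digest_request->nc[0] = 0;` naming where the empty value is rejected would make that dependency visible to the next reader.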